Azure Auth - rotate-root documentation (#18780)

* add documentation for rotate root

* commit suggestions

* move api permissions section
Milena Zlaticanin
2023-02-08 18:14:28 -07:00
committed by GitHub
parent 0445667b60
commit 8958d00263
2 changed files with 33 additions and 0 deletions

View File

@@ -111,6 +111,28 @@ $ curl \
https://127.0.0.1:8200/v1/auth/azure/config https://127.0.0.1:8200/v1/auth/azure/config
``` ```
## Rotate Root
This endpoint generates a new client secret for the root account defined in the config. The
value generated will only be known by Vault.
| Method | Path |
| :----- | :------------------- |
| `POST` | `/azure/rotate-root` |
### Parameters
There are no parameters to this operation.
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://127.0.0.1:8200/v1/auth/azure/rotate-root
```
## Create Role ## Create Role
Registers a role in the method. Role types have specific entities Registers a role in the method. Role types have specific entities
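Review bot: The new "Rotate Root" section has no sample response and does not say what happens to the previous client secret once the new one is generated. Since "The value generated will only be known by Vault", operators need to know whether the old secret stays valid in Azure and whether anything else using it will break. Please add a short "Sample Response" or a sentence stating what the call returns. It would also help to link from here to the "API Permissions" section added in the other file, because the call depends on the service principal holding `Application.ReadWrite.All`.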

View File

@@ -39,6 +39,8 @@ The following Azure [role assignments](https://learn.microsoft.com/en-us/azure/r
must be granted to the Azure AD application in order for the auth method to access Azure must be granted to the Azure AD application in order for the auth method to access Azure
APIs during authentication. APIs during authentication.
### Role Assignments
~> **Note:** The role assignments are only required when the ~> **Note:** The role assignments are only required when the
[`vm_name`](/vault/api-docs/auth/azure#vm_name), [`vmss_name`](/vault/api-docs/auth/azure#vmss_name), [`vm_name`](/vault/api-docs/auth/azure#vm_name), [`vmss_name`](/vault/api-docs/auth/azure#vmss_name),
or [`resource_id`](/vault/api-docs/auth/azure#resource_id) parameters are used on login. or [`resource_id`](/vault/api-docs/auth/azure#resource_id) parameters are used on login.
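Review bot: The "### Role Assignments" heading lands after the sentence that introduces the role assignments ("The following Azure role assignments must be granted to the Azure AD application ..."), so that sentence stays under the parent heading and the new subsection opens directly with the `~> **Note:**`. Consider moving the heading above the introductory sentence so the subsection reads as a unit, matching how "### API Permissions" is laid out later in this file.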
@@ -54,6 +56,15 @@ or [`resource_id`](/vault/api-docs/auth/azure#resource_id) parameters are used o
[vmss-flex]: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#scale-sets-with-flexible-orchestration [vmss-flex]: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#scale-sets-with-flexible-orchestration
[managed-identities]: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-status [managed-identities]: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-status
### API Permissions
The following [API permissions](https://learn.microsoft.com/en-us/azure/active-directory/develop/permissions-consent-overview#types-of-permissions)
must be assigned to the service principal provided to Vault for managing the root rotation in Azure:
| Permission Name | Type |
| ----------------------------- | ----------- |
| Application.ReadWrite.All | Application |
## Authentication ## Authentication
### Via the CLI ### Via the CLI
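Review bot: The "API Permissions" table lists `Application.ReadWrite.All` without saying when it is needed. As written, it reads as a requirement for every deployment of the auth method. This is a tenant-wide write permission over application registrations, so please state that it is only required when `rotate-root` is used, in the same way the Role Assignments note limits itself to `vm_name`, `vmss_name` and `resource_id` logins. It would also help to name the API the permission belongs to and to mention that an application-type permission needs admin consent. If a narrower permission is sufficient for rotating the application's own secret, document that instead.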